Data Breaches Now Cost Companies An Average Of $3.8M

The aftermath of a now all-too-common data breach can be frustrating for consumers: canceling credit cards, monitoring credit reports for irregularities, and working with banks to recoup unauthorized purchases. But the hacks can also be expensive for the targeted company, with the average cost now sitting at a 10-year high of $3.8 million.

That figure is courtesy of a new study [PDF] “Cost of a Data Breach” conducted by data-security research organization Ponemon Institute, which looked at data breaches at 350 companies in 11 countries.

According to the study, the past 12 months – punctuated with several high-profile breaches from JPMorgan Chase, Sony, and Anthem Insurance, just to name a few – saw a significant increase in the financial responsibility incurred by companies suffering hacks.

The new average cost in 2105 of $3.8 million represents a jump of 8% when compared to $3.52 million in 2014 and a 23% increase over 2013 figures.

The study ties organizations’ higher expenses to several factors including the fact that cyber attacks are simply more common, customers aren’t returning to the company after a breach and the increased cost of fixing the cause of the attack.

Although the average price of investigating and fixing a breach increased from $760,000 to $990,000, the most costly part of a breach is loss of business. In fact, lost business constituted nearly 40% of the costs related to a data breach in 2015.

According to the study, data breaches cost organizations an average of $1.57 million in lost business, an increase from $1.23 million lost in 2013.

As the overall expense of a data breach has increased for companies, so has the average price of a compromised record.

The average paid for each lost or stolen record containing sensitive and confidential information increased from $145 in 2014 to $154 in this year’s study.

While all types of companies saw an increase in the cost related to breaches, different industries were affected more than others.

For example, if a healthcare organization has a breach the average cost could be as high as $363 per stolen record, while breaches in the transportation industry run about $121 per record. The education industry has an average cost per record of $300, and average price for a record in the public sector is $68.